Security News

The Center Hospitalier Sud Francilien, a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries."This attack on the computer network makes the hospital's business software, the storage systems, and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement.

Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.

New Serpent backdoor malware targets French entities with unforeseen method. A new backdoor dubbed Serpent has been found on internet, infecting French entities in the construction and government sectors.

An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. The attack starts with a well-known technique - emails containing a macro-enabled Microsoft Word document masquerading as information relating to the GDPR - and ends up with an attempt to install a backdoor on target systems.

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns observed.

Over the last year or two we've noticed that the steady stream of sextortion emails we used to receive - at one time, we were getting several variants on the theme each week - has dwindled to almost nothing. Often, attackers stick to messages in plain text or HTML for the obvious reason that web or email links in those messages typically turn into directly tempting "Calls to action".

The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services. The TinyNuke malware activity first appeared in 2017, culminated in 2018, then dropped significantly in 2019, and almost faded out of existence in 2020.

The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021. While ANSSI has not determined how Nobelium compromised email accounts belonging to French orgs, it added that the hackers used them to deliver malicious emails targeting foreign institutions.

Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France's Computer Emergency Response Team. Lockean activity was first noticed in 2020 when the actor hit a French company in the manufacturing sector and deployed DoppelPaymer ransomware on the network.

Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France's Computer Emergency Response Team. Lockean activity was first noticed in 2020 when the actor hit a French company in the manufacturing sector and deployed DoppelPaymer ransomware on the network.